Thimpress

Learnpress

63 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-11868

  • EPSS 15.08%
  • Veröffentlicht 10.12.2024 13:15:15
  • Zuletzt bearbeitet 08.04.2026 18:19:34

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers t...

7.5

CVE-2024-8529

  • EPSS 71.85%
  • Veröffentlicht 12.09.2024 09:15:05
  • Zuletzt bearbeitet 08.04.2026 19:22:26

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient esca...

7.5

CVE-2024-8522

  • EPSS 88.05%
  • Veröffentlicht 12.09.2024 09:15:05
  • Zuletzt bearbeitet 08.04.2026 19:22:26

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escapi...

8.8

CVE-2024-39641

  • EPSS 0.15%
  • Veröffentlicht 26.08.2024 21:15:23
  • Zuletzt bearbeitet 18.09.2024 16:57:25

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2.

6.5

CVE-2024-39642

  • EPSS 0.12%
  • Veröffentlicht 13.08.2024 11:15:17
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2.

6.5

CVE-2024-7548

  • EPSS 0.61%
  • Veröffentlicht 08.08.2024 06:15:42
  • Zuletzt bearbeitet 08.01.2025 21:07:57

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of suf...

8.8

CVE-2024-6589

  • EPSS 2.41%
  • Veröffentlicht 25.07.2024 11:15:10
  • Zuletzt bearbeitet 21.11.2024 09:49:56

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, wit...

5.3

CVE-2024-6099

  • EPSS 0.09%
  • Veröffentlicht 02.07.2024 11:15:10
  • Zuletzt bearbeitet 08.04.2026 18:22:17

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout...

5.3

CVE-2024-6088

  • EPSS 1.06%
  • Veröffentlicht 02.07.2024 11:15:10
  • Zuletzt bearbeitet 08.04.2026 17:19:08

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauth...

8.8

CVE-2023-36516

  • EPSS 0.45%
  • Veröffentlicht 19.06.2024 15:15:57
  • Zuletzt bearbeitet 21.11.2024 08:09:51

Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.